tomcat-users mailing list archives

Hi Mike,
I had (under Tomcat 3.2 beta 3, Tomcat 3.2 beta 5 and Tomcat 3.2 beta 6)
the same problem with contextAdmin.html as you. There are in fact two
problems: problem of security (= problem with calling contextAdmin.html)
and problem of java.lang.NullPointerException (when you want to see
contexts from contextAdmin.html and so on).
I found different solutions of these problems.
There are 3 "players" in the "game":
1) file conf/server.xml;
2) file webapps/admin/WEB-INF/web.xml;
3) file conf/tomcat-users.xml.
What must you do with file server.xml?
*************************************
You will find context definition for path="/admin" and then you MUST change
trusted attribute from trusted="false" to trusted="true".
What can you do with file web.xml?
*********************************
You CAN do one of three alternatives:
A) to let web.xml without any change;
B) to modify web.xml:
to delete <security-constraint>...</security-constraint> and
<login-config>...</login-config> inside web.xml,
so at web.xml will then remain only 4 lines:
<?xml ... ?>
<!DOCTYPE ... >
<web-app>
</web-app>
C) to delete (or rename) web.xml.
What can you do with file tomcat-users.xml?
******************************************
You CAN do one of two alternatives:
X) to let tomcat-users.xml without any change;
Y) to change tomcat-users.xml:
here you have two subalternatives:
Y1) to include new user-line with role="admin"
into <tomcat-users> block, for example:
<user name="mike" password="tinnes" roles="admin" />
Y2) to include new role into user "tomcat"
<user name="tomcat" password="tomcat" roles="tomcat,admin" />
And why? Because at web.xml is line <role-name>admin</role-name> (if you
have not deleted (renamed) or modified file web.xml).
But now, I will not difference between alternatives Y1 and Y2, it will be
alternative Y.
What are the correct combinations of these actions?
**************************************************
I suppose, that you have correct server.xml. Then you have 5 correct
combinations betwen actions for web.xml and tomcat-users.xml.
And now, what happens when you call
http://localhost:8080/admin/contextAdmin/contextAdmin.html ??
It depends on these combinations:
--------------------------------
Combination: ==> behavior:
A + Y ==> displays security window, you fill in and then
displays contexAdmin.html and it works correctly;
B + X ==> displays contexAdmin.html and it works correctly;
B + Y ==> displays contexAdmin.html and it works correctly;
C + X ==> displays contexAdmin.html and it works correctly;
C + Y ==> displays contexAdmin.html and it works correctly.
I hope it help you.
Mirek Subrt
"Mike Tinnes"
<tinnes@eclipti To:
ctech.com> <tomcat-user@jakarta.apache.org>
cc:
24.10.2000 Subject: admin user/password
20:32
Please respond
to tomcat-user
Hello,
How do I determine/change/etc. the username and password for the /admin
security context? I've tried the username/passwords from the
tomcat-users.xml file, but these must relate to something else.
Thanks, Mike